2025-02-05 21:05:19 +00:00


{
"id": "CVE-2024-53943",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-03T18:15:36.733",
"lastModified": "2025-02-05T19:15:44.257",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID field. If an administrator logs into the device, the injected script runs in their browser, executing the malicious payload."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos NRadio N8-180 NROS-1.9.2.n3.c5. El endpoint /cgi-bin/luci/nradio/basic/radio es vulnerable a XSS a trav\u00e9s de los par\u00e1metros de nombre de 2,4 GHz y 5 GHz, lo que permite a un atacante ejecutar JavaScript dentro del contexto del usuario actual al inyectar JavaScript en el campo SSID. Si un administrador inicia sesi\u00f3n en el dispositivo, el script inyectado se ejecuta en su navegador y ejecuta el payload malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/actuator/cve/blob/main/NRADIO/CVE-2024-53943.txt",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/cve/blob/main/NRADIO/N8-180Firmware-Version-NROS-1.9.2.n3.c5-XSS.gif",
"source": "cve@mitre.org"
},
{
"url": "https://www.nradiowifi.net/article/9.html",
"source": "cve@mitre.org"
}
]
}